Matt Jonkman and James Ashton founded Bleeding Edge Threats (BET) (previously Bleeding Edge Snort) in 2003 as a focus point for a variety of projects related to intrusion detection. BET's most popular set of rules is BSD licensed and requires no registration. There are other rules available, too.
I recommend using both Sourcefire VRT rules and BET rules on sensors. Sourcefire VRT rules are backed by a professional rule development team with millions of dollars of testing equipment at its disposal and specialized tools for signature generation, so they tend to be solid and well-tested. BET releases rules almost immediately upon discovery of a network-based attack, so they can be rough around the edges and less tested. I have found many interesting network activities only using BET rules, however.
About the author
Richard Bejtlich is founder of TaoSecurity, author of several books on network security monitoring, including Extrusion Detection: Security Monitoring for Internal Intrusions, and operator of the TaoSecurity blog.